All Change!

Winston Churchill once said: “To improve is to change; to be perfect is to change often.”

International Standards are all about continuous improvement, which, to follow Churchill’s advice, implies that change is inevitable. The Standards themselves are no exception to this rule: they are constantly reviewed and updated.

This year (2022) it’s the turn of the ISO27001 Information Security Standard to be updated. This is no great surprise, given that the current edition of the Standard dates from 2013 and the whole landscape of information technology and its associated threats has changed dramatically since then.


Information Security Standard

The first thing to notice about the change is the title of the Standard.

The 2013 version of the Standard is entitled:

Information technology — Security techniques — Information security management systems — Requirements

The 2022 version of the Standard is entitled:

Information security, cybersecurity and privacy protection — Information security management systems — Requirements

Notice the emphasis on security, cybersecurity and privacy instead of simply security techniques. People are becoming much more aware of the value of their data and the need to be reassured of its security. At the same time, the level of threats to the security of data (in the form of cyber-attacks, hacking, ransomware, etc.) has escalated.

I won’t bore you with details of the changes to the Standard. Organisations that already have ISO27001 certification have no need to panic and make immediate changes. For all new certifications, the changes will apply to their initial certification audits. Existing certificate holders will have until November 2025 (or their next re-certification audit, whichever is earlier) to introduce the changes.


Work with Us

Existing Performance Plus clients can be assured that our consultants have already completed the necessary training to guide them through the transition process. New clients will, of course, be given the correct information to ensure that their Information Security Management System is ready for ISO27001:2022 certification.

If you would like to know more about Information Security and how the ISO27001 Standard can benefit your organisation, then contact us for a free initial discussion:

Tel: 01284 330400 or email: